New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.1
Synopsis
The remote openSUSE host is missing a security update.
Description
This update for qemu fixes the following issues :
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15
- Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
- Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873)
- Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
- Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812)
This update was imported from the SUSE:SLE-15:Update update project.
Solution
Update the affected qemu packages.